February Monthly Roundup

Even though February is the shortest month of the year, we still have plenty of top stories to share with you, keeping you in the know when it comes to the latest security news and threats. So take an inside look at our top posts from the past month!

Facebook’s acquisition of WhatsApp made major headlines because of the record $19 billion purchase. When the math is broken down, it’s pretty obvious that the revenue stream WhatsApp will bring in can’t cover the acquisition cost in the short or mid-term, so this raises the question about whether or not in-app ads will eventually emerge, along with accompanying privacy-intrusive monitoring tools, including message scanning (think Gmail). So is it time to seek a replacement? We don’t see a reason to panic just yet. In their posts regarding the acquisition, both Facebook’s head Mark Zuckerberg and WhatsApp boss Jan Koum stress that WhatsApp remains a separate company with its own independent policy, and given the fact that Jan Koum is famous for his disapproval of an ad-driven revenue model, we don’t expect ads and analytics to emerge anytime soon. There are no new reasons to worry about messaging privacy either. WhatsApp has dealt with breaches in the past and presently uses receive reasonable encryption, plus service owners claim that users’ messages are never stored after delivery to the recipient. Confidential data shouldn’t be sent unencrypted over standard communication channels and you should be using dedicated security tools to protect your data from prying eyes. The only real threat to watch for in the near future is a wave of fake emails and messages urging you to “confirm your WhatsApp account” or “opt out of Facebook ads inside WhatsApp” or something similar.

Events like the Winter Olympics draw cybercriminals to prey on the unsuspecting. At such times, they are likely to try to use forged webpages that pose as legitimate web-resources to try to sell fake tickets or collect private data from those willing to attend such sports events. Keep these tips in mind when visiting or participating in global events like the Winter Olympics:

We highly recommend not opening any attachment in a suspicious e-mail or social network message

Use a protected VPN connection or a software solution for online payment or online banking services

The Mask – Unveiling the World’s Most Sophisticated APT Campaign
During the company’s Security Analyst Summit in the Dominican Republic, Kaspersky Lab unveiled a new threat called “Careto,” which is apparently Spanish for “ugly face” or “mask,” though there appears to be a bit of dissension about this among Spanish speakers. A hacking group that is likely backed by an unknown national government created the threat, and has been targeting government agencies, embassies, diplomatic offices and energy companies for more than five years. Kaspersky researchers are calling this the most sophisticated advanced persistent threat campaign they have ever seen. This campaign is alarming because it not only demonstrates that highly skilled attackers are learning and honing their trade, but also because the Mask has existed under the radar, silently intercepting sensitive data since 2007. Had the attackers not tried to exploit a patched vulnerability in an older version of Kaspersky product, Costin Raiu, the director of the company’s Global Research and Analysis Team, said his researchers might have never found it. However, highly sophisticated APT campaigns like this one are generally designed to infect the machines of individuals with access to very specific, highly-sought after networks, in this case mostly those of government agencies and energy companies, and whoever is responsible for the campaign shut it down mere hours after Kaspersky’s Global Research and Analysis Team published a preview of the APT campaign.

Highly sophisticated APT campaigns like Careto are generally designed to infect the machines of individuals with access to very specific, highly-sought after networks, in this case mostly those of government agencies and energy companies

In January, our researches found that the number of malicious Android apps had hit the 10 million mark. How could this be? The number of unofficial stores, which contain more than a million applications, are more likely to be malicious. So if you’re using Google Play, the chances of getting malware are quite slim. But if you venture outside the official app channels you may find yourself infected. Ever aware of the fact that people enjoy free apps, attackers are eager to seed their malicious applications, naming them after famous games, banking apps or popular tools. The result is simple: users’ private data, banking credentials and money are going straight into the hands of criminals. A version of the Carberp Trojan is a very good example of how your money can be stolen using a malicious app.

It’s not that difficult to be safe. Just follow these expert recommendations:

Do not activate the “developer mode” on the device

Do not activate the “Install applications from third-party sources” option

On February 11, 2014 we celebrated the tenth annual Safer Internet Day, which serves as a reminder to people about how the Internet can be like the Wild West. So here are a couple of rules and suggest good habits you should be using to make this environment more civilized.

Enable automatic updates in all applications you use daily.

Don’t use a ‘dirty computer’. If it’s your own machine, it has to have an up-to-date and reliable antivirus software installed. The more the better here – consider an end-to-end solution like Internet Security. If it’s someone else’s, check for antivirus software and run a five-minute scan before typing in any of your passwords.

All protection measures – enabling updates, antivirus protection, restriction of untrusted software installation – are equally as crucial for your smartphone as they are for you PC.

If you receive a link via email, instant or text message, don’t click on it unless you asked for it to be sent to you.

In order to avoid the miserable fate of making yourself one more case of bad password theft statistics, use a special application that is capable of creating unique passwords to many websites, ‘inserting’ them into required fields and storing all credentials in a secure database.

Almost any forum, social network or chat has a ‘block user’ button, as well as ‘report spam’ or ‘report abuse’. Use them without hesitation: firstly, report an abusive commentary, secondly, report the attacker to disarm him.

All the rules we cited above are simple and easy-to-use, but at times they are not obvious to certain groups of users, especially those lacking PC proficiency: children and seniors. That’s why you should remind them of the abovementioned recommendations.

Kaspersky Security Scan is a free, immediately downloadable security solution that is continuously updated to detect and prevent the latest threats out there. It checks for known malware and software vulnerabilities on your PC and advises you on your PC’s security status. It also uses latest, cloud-based security information, enabling Kaspersky Security Scan to scan your PC for the very latest viruses and emerging threats. Download it now tocheck your computer easily, quickly and for free – to keep your system safe.